<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p>I have a MICO service that is configured to use SSL using these
settings<br>
</p>
<p>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><span
style="mso-spacerun:yes"> </span>-ORBCSIv2 <br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt">-ORBCSIv2Realm
@mydomain.com<span style="mso-spacerun:yes"><br>
</span></p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><span
style="mso-spacerun:yes"> </span>-ORBIIOPAddr
ssl:inet:0.0.0.0:0 <br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><span
style="mso-spacerun:yes">
</span>-ORBGSSServerUser user1,user1 -ORBGSSClientUser user1,user1
<br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><span
style="mso-spacerun:yes"> </span>-ORBSSLverify 1
-ORBSSLcert /home/user1/certs/user1_cert.pem<br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><span
style="mso-spacerun:yes"> </span>-ORBSSLkey
/home/user1/certs/user1_key.pem<br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><span
style="mso-spacerun:yes"> </span>-ORBSSLCAfile
/home/user1/certs/user1_ca_cert.pem</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt">I have a
service registered in the MICO naming service and would like to
use OmniORBpy to access it. I am able to get a reference to the
custom ssl service through by looking it up in the naming service,
but the connection fails to the service. </p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt">I used
the following parameters in my omniorb.cfg file:<br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt">#
sslAcceptTimeOut<br>
#sslCAPath = /home/user1/certs<br>
sslCAFile = /home/user1/certs/user1_ca_cert.pem <br>
# sslCipherList<br>
sslKeyFile = /home/user1/certs/user1/user1_key_cert.pem<br>
sslKeyPassword = mypassword<br>
sslVerifyMode = peer,fail<br>
sslVerifyModeIncoming = peer,fail</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt">I turned
on debugging, but I noticed that OmniORB never seemed to be
trying to use SSL. I only saw addresses with tcp in them. (I
prioritized my connection protocols as ssl, tcp, unix in the
omniorb.cfg file.)<br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt">Other
than compiling OmniORB and OmniORBpy with openssl enabled, is
there anything else that needs to be done to enable ssl
communication in OmniORBpy when access the service through an IOR
or naming service lookup? Do I need to explicitly need to specify
a sslCipherList?<br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt">Has
anybody demonstrated interoperability with MICO and OmniORB's
using SSL communication?</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt">Thanks,</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><br>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt">Rob</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt"><br>
</p>
</body>
</html>